1#!/bin/bash 2# 3# qcow2 format input validation tests 4# 5# Copyright (C) 2013 Red Hat, Inc. 6# 7# This program is free software; you can redistribute it and/or modify 8# it under the terms of the GNU General Public License as published by 9# the Free Software Foundation; either version 2 of the License, or 10# (at your option) any later version. 11# 12# This program is distributed in the hope that it will be useful, 13# but WITHOUT ANY WARRANTY; without even the implied warranty of 14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15# GNU General Public License for more details. 16# 17# You should have received a copy of the GNU General Public License 18# along with this program. If not, see <http://www.gnu.org/licenses/>. 19# 20 21# creator 22owner=kwolf@redhat.com 23 24seq=`basename $0` 25echo "QA output created by $seq" 26 27here=`pwd` 28tmp=/tmp/$$ 29status=1 # failure is the default! 30 31_cleanup() 32{ 33 rm -f $TEST_IMG.snap 34 _cleanup_test_img 35} 36trap "_cleanup; exit \$status" 0 1 2 3 15 37 38# get standard environment, filters and checks 39. ./common.rc 40. ./common.filter 41 42_supported_fmt qcow2 43_supported_proto file 44_supported_os Linux 45# Internal snapshots are (currently) impossible with refcount_bits=1 46_unsupported_imgopts 'refcount_bits=1[^0-9]' 47 48header_size=104 49 50offset_backing_file_offset=8 51offset_backing_file_size=16 52offset_l1_size=36 53offset_l1_table_offset=40 54offset_refcount_table_offset=48 55offset_refcount_table_clusters=56 56offset_nb_snapshots=60 57offset_snapshots_offset=64 58offset_header_size=100 59offset_ext_magic=$header_size 60offset_ext_size=$((header_size + 4)) 61 62offset_l2_table_0=$((0x40000)) 63 64offset_snap1=$((0x70000)) 65offset_snap1_l1_offset=$((offset_snap1 + 0)) 66offset_snap1_l1_size=$((offset_snap1 + 8)) 67 68echo 69echo "== Huge header size ==" 70_make_test_img 64M 71poke_file "$TEST_IMG" "$offset_header_size" "\xff\xff\xff\xff" 72{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 73poke_file "$TEST_IMG" "$offset_header_size" "\x7f\xff\xff\xff" 74{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 75 76echo 77echo "== Huge unknown header extension ==" 78_make_test_img 64M 79poke_file "$TEST_IMG" "$offset_backing_file_offset" "\xff\xff\xff\xff\xff\xff\xff\xff" 80poke_file "$TEST_IMG" "$offset_ext_magic" "\x12\x34\x56\x78" 81poke_file "$TEST_IMG" "$offset_ext_size" "\x7f\xff\xff\xff" 82{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 83poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x00\x$(printf %x $offset_ext_size)" 84{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 85poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x00\x00" 86{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 87 88echo 89echo "== Huge refcount table size ==" 90_make_test_img 64M 91poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\xff\xff\xff\xff" 92{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 93poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\x00\x02\x00\x01" 94{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 95 96echo 97echo "== Misaligned refcount table ==" 98_make_test_img 64M 99poke_file "$TEST_IMG" "$offset_refcount_table_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef" 100{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 101 102echo 103echo "== Huge refcount offset ==" 104_make_test_img 64M 105poke_file "$TEST_IMG" "$offset_refcount_table_offset" "\xff\xff\xff\xff\xff\xff\x00\x00" 106poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\x00\x00\x00\x7f" 107{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 108 109echo 110echo "== Invalid snapshot table ==" 111_make_test_img 64M 112poke_file "$TEST_IMG" "$offset_nb_snapshots" "\xff\xff\xff\xff" 113{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 114poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x7f\xff\xff\xff" 115{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 116 117poke_file "$TEST_IMG" "$offset_snapshots_offset" "\xff\xff\xff\xff\xff\xff\x00\x00" 118poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x00\xff\xff" 119{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 120 121poke_file "$TEST_IMG" "$offset_snapshots_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef" 122poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x00\x00\x00" 123{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 124 125echo 126echo "== Hitting snapshot table size limit ==" 127_make_test_img 64M 128# Put the refcount table in a more or less safe place (16 MB) 129poke_file "$TEST_IMG" "$offset_snapshots_offset" "\x00\x00\x00\x00\x01\x00\x00\x00" 130poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x01\x00\x00" 131{ $QEMU_IMG snapshot -c test $TEST_IMG; } 2>&1 | _filter_testdir 132{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 133 134echo 135echo "== Invalid L1 table ==" 136_make_test_img 64M 137poke_file "$TEST_IMG" "$offset_l1_size" "\xff\xff\xff\xff" 138{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 139poke_file "$TEST_IMG" "$offset_l1_size" "\x7f\xff\xff\xff" 140{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 141 142poke_file "$TEST_IMG" "$offset_l1_table_offset" "\x7f\xff\xff\xff\xff\xff\x00\x00" 143poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\xff\xff" 144{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 145 146poke_file "$TEST_IMG" "$offset_l1_table_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef" 147poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\x00\x01" 148{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 149 150echo 151echo "== Invalid L1 table (with internal snapshot in the image) ==" 152_make_test_img 64M 153{ $QEMU_IMG snapshot -c foo $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 154poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\x00\x00" 155_img_info 156 157echo 158echo "== Invalid backing file size ==" 159_make_test_img 64M 160poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x10\x00" 161poke_file "$TEST_IMG" "$offset_backing_file_size" "\xff\xff\xff\xff" 162{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 163 164echo 165echo "== Invalid L2 entry (huge physical offset) ==" 166_make_test_img 64M 167{ $QEMU_IO -c "write 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 168poke_file "$TEST_IMG" "$offset_l2_table_0" "\xbf\xff\xff\xff\xff\xff\x00\x00" 169{ $QEMU_IMG snapshot -c test $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 170poke_file "$TEST_IMG" "$offset_l2_table_0" "\x80\x00\x00\xff\xff\xff\x00\x00" 171{ $QEMU_IMG snapshot -c test $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 172 173echo 174echo "== Invalid snapshot L1 table ==" 175_make_test_img 64M 176{ $QEMU_IO -c "write 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir 177{ $QEMU_IMG snapshot -c test $TEST_IMG; } 2>&1 | _filter_testdir 178poke_file "$TEST_IMG" "$offset_snap1_l1_size" "\x10\x00\x00\x00" 179{ $QEMU_IMG convert -s test $TEST_IMG $TEST_IMG.snap; } 2>&1 | _filter_testdir 180 181# success, all done 182echo "*** done" 183rm -f $seq.full 184status=0 185